Anti-censorship team report: August 2020

by phw | September 4, 2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in August 2020. Let us know if you have any questions or feedback!




  • Decided to call our BridgeDB redesign rdsys, which is short for "resource distribution system." Do you have a better name? If so, let us know!

  • Created a GitLab repository for rdsys. The code is a messy construction site and will continue to be in the foreseeable future.

  • Improved the way rdsys talks to bridgestrap to verify that bridges are working.

  • Built an HTTP streaming interface between rdsys's backend and its distributors. This interface allows the backend to stream resource updates to the distributors without delay. The goal is that resources (i.e. bridges) are distributed to users immediately after they are added to the system.



  • Improved the service's shutdown procedure, caching mechanism, its documentation, and its HTTP API. Added a command line flag to print bridgestrap's cache.

  • Added a token bucket mechanism to limit the number of requests that the service accepts.





Please note that the comment area below has been archived.

September 06, 2020


Any estimate on when Snowflake will be integrated into the main Tor Browser?

September 07, 2020


Hi Tor Team,

There seems to be a problem with your site. After I tried to post your page kept refreshing itself. In order to read the page I needed to click the Stop button (alongside the Forward and Back buttons). There seems to be something stored in a cookie because the only way to prevent this is to reset Tor Browser. Using the Broomstick button.

It didn't look like my comment was successfully posted to your recent alpha release blog page. So I'll post here instead. This is what I wrote:

"Hi Tor Team,

It's good to see that the Bug (sic: bugfix rather) "Let JavaScript on safest setting handled by NoScript again" is added.

Can this be rolled out for immediate and emergency release on the non-Alpha release. For almost a month, I've not been about to keep in touch with various operators that happen to be on a site that also runs google js.

May I ask, where did the need to break Tor's safest setting come from? Who instigated this and why? This is important to know so that we can prevent future problems.

This is likely proving a traffic analyser's dream, because Tor have been able to divide users by those who have downgraded their security to allow all JS and those who refuse to downgrade. Not good."

> After I tried to post your page kept refreshing itself.

Turn on Safer, Standard, or javascript. Here is the original ticket because I can't find it on Gitlab.

> where did the need to break Tor's safest setting come from? Who instigated this and why?

Javascript always has been disabled by default in the safest/highest security setting. As for why Javascript does not become enabled if you go into NoScript and tweak it yourself and you're in the Safest setting, read here:

See also:

September 08, 2020


9/9/20, 05:34:30.821 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
9/9/20, 05:37:04.818 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay

If you only waited a few seconds you might not have given your Tor client enough time to set things up.

The Tor client is the basic Tor software, which runs "under" Tor Browser, which is based on Firefix. The Tor client software comes bundled with Tor Browser. It is set up automatically when you unpack the compressed file you downloaded from and unpacked somewhere in your computer.

To connect to the Tor network, your Tor client needs to contact the Tor Directory authorities, then download current information about the Tor network, then to start building Tor circuits. Once you have enough Tor circuits, Tor Browser tells you that you are reading to browse the Web.

FWIW, "handshake" refers to using a public/private keypair to establish an encrypted connection with a Tor node (or, I think, with a Directory Authority). It looks like your client was trying to build circuits when... you gave up too soon?